CVE-2025-34026 - Versa Concerto Improper Authentication Vulnerability
Project:Versa
Product:Concerto
Date Added:2026-01-22Due Date:2026-02-12
Vulnerability Name
Versa Concerto Improper Authentication Vulnerability
Description
Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e
https://nvd.nist.gov/vuln/detail/CVE-2025-34026
Related News Articles
CISA confirms active exploitation of four enterprise software bugsJanuary 24, 2026
CISA Updates KEV Catalog with Four Actively Exploited Software VulnerabilitiesJanuary 23, 2026